Healthcare Orgs in the Crosshairs: Ransomware Takes Aim

Criminals are using ransomware to extort big money from organizations of all sizes in all industries, but healthcare organizations are especially attractive targets. Healthcare organizations are entrusted with the most personal, intimate information that people have – not just their financial data, but their very private health and treatment histories. Attackers perceive healthcare IT security to be the least effective and most outdated of any industry. They also know that healthcare organizations tend to have significant cash on hand and a high cost of downtime, and are therefore more likely to pay the ransom for encrypted data. If you fail to take the necessary steps to combat ransomware and other advanced malware and that trust is betrayed, the cost to your business could extend far beyond paying a ransom or a noncompliance fine. If your reputation for safeguarding patient data is damaged, you will be put under the microscope, and in some cases companies never recover and leadership is forced to resign.

Healthcare is making strides but isn’t there yet

There is good news. Healthcare organizations have made significant security improvements over the last year. According to the HIMSS 2017 Cybersecurity Survey, IT security is clearly an urgent business challenge for leadership, rather than solely an IT problem. There is a marked increase in the employment of CIOs and Chief Information Security Officers (CISOs) among healthcare organizations, and security shortcomings are being addressed.

Nonetheless, there is still room for improvement, and ransomware attacks continue to be a serious and growing challenge. Those who continue to commit vital resources to implementing effective security measures will emerge as winners, and you will never hear of them in the media. Effectively combating ransomware requires a well-thought-out combination of technical and cultural measures.

Detection: discovering the weaknesses

Keeping your network free of ransomware and other advanced malware requires a combination of effective perimeter filtering, strategically designed network architecture, and the capability to detect and eliminate resident malware that may already be inside your network. It's an exercise in cleaning house, as your infrastructure likely contains a number of latent threats. Email inboxes are full of malicious attachments and links just waiting to be clicked on. Similarly, all applications, whether locally hosted or cloud-based, must be regularly scanned and patched for vulnerabilities. There should be a regular vulnerability management schedule for scanning and patching all network assets. This is basic, box-checking work, but it is extremely critical for thwarting threats. Building a solid foundation such as this is a fantastic start for effective ransomware detection and prevention.

Prevention: A non-negotiable requirement

Some very effective security technologies are a requirement in today's threat landscape in order to prevent ransomware and other attacks. Preventing threats from entering the network requires a modern firewall or email gateway solution to filter out the majority of threats. An effective solution should scan incoming traffic using signature matching, advanced heuristics, behavioral analysis, and sandboxing, and should be able to correlate findings with real-time global threat intelligence. This ultimately means employees do not have to be perfectly trained to spot these sophisticated threats.

It's recommended to control and segment network access to minimize the spread of threats that do get in. Ensure that patients and visitors can only spread malware within their own, limited domain, while also segmenting, for example, administration, caregivers, and technical staff, each with limited, specific access to online resources.

Even with the most sophisticated methods like spear phishing, where attackers impersonate your coworker, there are now machine learning and artificial intelligence solutions that can spot and quarantine these threats before they ever get to an employee. The risk for healthcare organizations is immensely reduced when solutions such as these are deployed as part of an overall security posture. However, when data is encrypted and held ransom, the fight isn't over yet.

Backup—Your Last, Best Defense Against Ransomware

When a ransomware attack succeeds, your critical files (HR, payroll, electronic health records, patient financial and insurance info, strategic planning documents, email records, etc.) are encrypted, and the only way to obtain the decryption key is to pay a ransom. But if you've been diligent about using an effective backup system, you can simply refuse to pay and restore your files from your most recent backup. Your attackers will have to find someone else to rob.

Automated, cloud-based backup services can provide the greatest security. Reputable vendors offer a variety of very simple and secure backup service options, priced for organizations of any size, and requiring minimal staff time. Advanced solutions can even allow you to spin up a virtual copy of your servers in the cloud, restoring access to your critical files and applications within minutes of an attack or other disaster.

When all of these things are working simultaneously, healthcare organizations are well equipped to stop ransomware attacks effectively. Ransomware and other threats are not going away anytime soon and healthcare will continue to be a target for attackers. The hope is that healthcare professionals continue to keep IT security top of mind.

About the author: Sanjay is a 20-year veteran in technology and has a passion for cutting-edge technology and a desire to innovate at the intersection of technology trends. He currently leads product management, marketing and strategy for Barracuda's security business worldwide.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
